Sanity check region offset range on headerLoad()
author Panu Matilainen <pmatilai@redhat.com>
Thu, 29 Sep 2011 10:22:32 +0000 (13:22 +0300)
committer Panu Matilainen <pmatilai@redhat.com>
Thu, 29 Sep 2011 10:22:32 +0000 (13:22 +0300)
- Fixes the first case crash of RhBug:741606 / CVE-2011-3378 where
  immutable region offset is way out of bounds.

lib/header.c

index 284be09..c771967 100644 (file)
@@ -836,7 +836,7 @@ Header headerLoad(void * uh)
 
        {   int off = ntohl(pe->offset);
 
-           if (hdrchkData(off))
+           if (hdrchkData(off) || hdrchkRange(dl, off))
                goto errxit;
            if (off) {
                size_t nb = REGION_TAG_COUNT;
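
Review bot: the bound added on the `if (hdrchkData(off) || hdrchkRange(dl, off))` line validates only the start offset, while the `size_t nb = REGION_TAG_COUNT;` line just below suggests that nb bytes are consumed starting at off. If that is the case, an off that falls within the last nb bytes of the data area still passes the test and the read can run past dl; consider bounding the end of the region trailer too, for example by declaring nb before the test and checking off + nb against dl. Separately, off is a signed int filled from ntohl(pe->offset), and the definition of hdrchkRange is not part of this hunk, so please confirm it rejects negative values as well as values above dl. Since the commit message says this covers only the first crash case, a short comment on the check naming what it guards against would help whoever handles the other cases.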